JAX-RS: Java API for RESTful
Web Services

Version 1.1 Draft
September 17, 2009

Editors:
Marc Hadley
Paul Sandoz
Comments to: users@jsr311.dev.java.net

Sun Microsystems, Inc.
4150 Network Circle, Santa Clara, CA 95054 USA.
180, Avenue de L’Europe, 38330 Montbonnot Saint Martin, France

Specification: JAX-RS - Java API for RESTful Web Services (“Specification”)
Version: 1.1-editors-draft
Status: Pre-FCS Public Release
Release: September 17, 2009
Copyright 2007 Sun Microsystems, Inc.
4150 Network Circle, Santa Clara, California 95054, U.S.A
180, Avenue de L’Europe, 38330 Montbonnot Saint Martin, France
All rights reserved.

NOTICE

The Specification is protected by copyright and the information described therein may be protected by one or more U.S. patents, foreign patents, or pending applications. Except as provided under the following license, no part of the Specification may be reproduced in any form by any means without the prior written authorization of Sun Microsystems, Inc. (“Sun”) and its licensors, if any. Any use of the Specification and the information described therein will be governed by the terms and conditions of this Agreement.

Subject to the terms and conditions of this license, including your compliance with Paragraphs 1 and 2 below, Sun hereby grants you a fully-paid, non-exclusive, non-transferable, limited license (without the right to sublicense) under Sun’s intellectual property rights to:

  1. Review the Specification for the purposes of evaluation. This includes: (i) developing implementations of the Specification for your internal, non-commercial use; (ii) discussing the Specification with any third party; and (iii) excerpting brief portions of the Specification in oral or written communications which discuss the Specification provided that such excerpts do not in the aggregate constitute a significant portion of the Technology.
  2. Distribute implementations of the Specification to third parties for their testing and evaluation use, provided that any such implementation: (i) does not modify, subset, superset or otherwise extend the Licensor Name Space, or include any public or protected packages, classes, Java interfaces, fields or methods within the Licensor Name Space other than those required/authorized by the Specification or Specifications being implemented; (ii) is clearly and prominently marked with the word “UNTESTED” or “EARLY ACCESS” or “INCOMPATIBLE” or “UNSTABLE” or “BETA” in any list of available builds and in proximity to every link initiating its download, where the list or link is under Licensees control; and (iii) includes the following notice: “This is an implementation of an early-draft specification developed under the Java Community Process (JCP) and is made available for testing and evaluation purposes only. The code is not compatible with any specification of the JCP.” 

The grant set forth above concerning your distribution of implementations of the specification is contingent upon your agreement to terminate development and distribution of your early draft implementation as soon as feasible following final completion of the specification. If you fail to do so, the foregoing grant shall be considered null and void.

No provision of this Agreement shall be understood to restrict your ability to make and distribute to third parties applications written to the Specification. Other than this limited license, you acquire no right, title or interest in or to the Specification or any other Sun intellectual property, and the Specification may only be used in accordance with the license terms set forth herein. This license will expire on the earlier of: (a) two (2) years from the date of Release listed above; (b) the date on which the final version of the Specification is publicly released; or (c) the date on which the Java Specification Request (JSR) to which the Specification corresponds is withdrawn. In addition, this license will terminate immediately without notice from Sun if you fail to comply with any provision of this license. Upon termination, you must cease use of or destroy the Specification.

“Licensor Name Space” means the public class or interface declarations whose names begin with “java” , “javax” , “com.sun” or their equivalents in any subsequent naming convention adopted by Sun through the Java Community Process, or any recognized successors or replacements thereof

TRADEMARKS

No right, title, or interest in or to any trademarks, service marks, or trade names of Sun or Sun’s licensors is granted hereunder. Sun, Sun Microsystems, the Sun logo, Java, are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.

DISCLAIMER OF WARRANTIES

THE SPECIFICATION IS PROVIDED ”AS IS” AND IS EXPERIMENTAL AND MAY CONTAIN DEFECTS OR DEFICIENCIES WHICH CANNOT OR WILL NOT BE CORRECTED BY SUN. SUN MAKES NO REPRESENTATIONS OR WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT THAT THE CONTENTS OF THE SPECIFICATION ARE SUITABLE FOR ANY PURPOSE OR THAT ANY PRACTICE OR IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADE SECRETS OR OTHER RIGHTS. This document does not represent any commitment to release or implement any portion of the Specification in any product.

THE SPECIFICATION COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION THEREIN; THESE CHANGES WILL BE INCORPORATED INTO NEW VERSIONS OF THE SPECIFICATION, IF ANY. SUN MAY MAKE IMPROVEMENTS AND/OR CHANGES TO THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THE SPECIFICATION AT ANY TIME. Any use of such changes in the Specification will be governed by the then-current license for the applicable version of the Specification.

LIMITATION OF LIABILITY

TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, INCLUDING WITHOUT LIMITATION, LOST REVENUE, PROFITS OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF OR RELATED TO ANY FURNISHING, PRACTICING, MODIFYING OR ANY USE OF THE SPECIFICATION, EVEN IF SUN AND/OR ITS LICENSORS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

You will hold Sun (and its licensors) harmless from any claims based on your use of the Specification for any purposes other than the limited right of evaluation as described above, and from any claims that later versions or releases of any Specification furnished to you are incompatible with the Specification provided to you under this license.

RESTRICTED RIGHTS LEGEND

If this Software is being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), then the Government’s rights in the Software and accompanying documentation shall be only as set forth in this license; this is in accordance with 48 C.F.R. 227.7201 through 227.7202-4 (for Department of Defense (DoD) acquisitions) and with 48 C.F.R. 2.101 and 12.212 (for non-DoD acquisitions).

REPORT

You may wish to report any ambiguities, inconsistencies or inaccuracies you may find in connection with your evaluation of the Specification (“Feedback”). To the extent that you provide Sun with any Feedback, you hereby: (i) agree that such Feedback is provided on a non-proprietary and non-confidential basis, and (ii) grant Sun a perpetual, non-exclusive, worldwide, fully paid-up, irrevocable license, with the right to sublicense through multiple levels of sublicensees, to incorporate, disclose, and use without limitation the Feedback for any purpose related to the Specification and future versions, implementations, and test suites thereof.

GENERAL TERMS

Any action related to this Agreement will be governed by California law and controlling U.S. federal law. The U.N. Convention for the International Sale of Goods and the choice of law rules of any jurisdiction will not apply.

The Specification is subject to U.S. export control laws and may be subject to export or import regulations in other countries. Licensee agrees to comply strictly with all such laws and regulations and acknowledges that it has the responsibility to obtain such licenses to export, re-export or import as may be required after delivery to Licensee.

This Agreement is the parties’ entire agreement relating to its subject matter. It supersedes all prior or contemporaneous oral or written communications, proposals, conditions, representations and warranties and prevails over any conflicting or additional terms of any quote, order, acknowledgment, or other communication between the parties relating to its subject matter during the term of this Agreement. No modification to this Agreement will be binding, unless in writing and signed by an authorized representative of each party.

Contents

1 Introduction
 1.1 Status
 1.2 Goals
 1.3 Non-Goals
 1.4 Conventions
 1.5 Terminology
 1.6 Expert Group Members
 1.7 Acknowledgements
2 Applications
 2.1 Configuration
 2.2 Validation
 2.3 Publication
  2.3.1 Java SE
  2.3.2 Servlet
  2.3.3 Other Container
3 Resources
 3.1 Resource Classes
  3.1.1 Lifecycle and Environment
  3.1.2 Constructors
 3.2 Fields and Bean Properties
 3.3 Resource Methods
  3.3.1 Visibility
  3.3.2 Parameters
  3.3.3 Return Type
  3.3.4 Exceptions
  3.3.5 HEAD and OPTIONS
 3.4 URI Templates
  3.4.1 Sub Resources
 3.5 Declaring Media Type Capabilities
 3.6 Annotation Inheritance
 3.7 Matching Requests to Resource Methods
  3.7.1 Request Preprocessing
  3.7.2 Request Matching
  3.7.3 Converting URI Templates to Regular Expressions
 3.8 Determining the MediaType of Responses
4 Providers
 4.1 Lifecycle and Environment
  4.1.1 Constructors
 4.2 Entity Providers
  4.2.1 Message Body Reader
  4.2.2 Message Body Writer
  4.2.3 Declaring Media Type Capabilities
  4.2.4 Standard Entity Providers
  4.2.5 Transfer Encoding
  4.2.6 Content Encoding
 4.3 Context Providers
  4.3.1 Declaring Media Type Capabilities
 4.4 Exception Mapping Providers
5 Context
 5.1 Concurrency
 5.2 Context Types
  5.2.1 Application
  5.2.2 URIs and URI Templates
  5.2.3 Headers
  5.2.4 Content Negotiation and Preconditions
  5.2.5 Security Context
  5.2.6 Providers
6 Environment
 6.1 Servlet Container
 6.2 Java EE Container
 6.3 Other
7 Runtime Delegate
 7.1 Configuration
A Summary of Annotations
B HTTP Header Support
C Change Log
 C.1 Changes Since 1.0 Release
 C.2 Changes Since Proposed Final Draft
 C.3 Changes Since Public Review Draft
Bibliography

Chapter 1
Introduction

This specification defines a set of Java APIs for the development of Web services built according to the Representational State Transfer[1] (REST) architectural style. Readers are assumed to be familiar with REST; for more information about the REST architectural style and RESTful Web services, see:

1.1 Status

This is an editors draft; this specification is not yet complete. A list of open issues can be found at:

https://jsr311.dev.java.net/servlets/ProjectIssues

The corresponding Javadocs can be found online at:

https://jsr311.dev.java.net/nonav/releases/1.1/index.html

The reference implementation can be obtained from:

https://jersey.dev.java.net/

The expert group seeks feedback from the community on any aspect of this specification, please send comments to:

users@jsr311.dev.java.net

1.2 Goals

The following are the goals of the API:

POJO-based
The API will provide a set of annotations and associated classes/interfaces that may be used with POJOs in order to expose them as Web resources. The specification will define object lifecycle and scope.
HTTP-centric
The specification will assume HTTP[4] is the underlying network protocol and will provide a clear mapping between HTTP and URI[5] elements and the corresponding API classes and annotations. The API will provide high level support for common HTTP usage patterns and will be sufficiently flexible to support a variety of HTTP applications including WebDAV[6] and the Atom Publishing Protocol[7].
Format independence
The API will be applicable to a wide variety of HTTP entity body content types. It will provide the necessary pluggability to allow additional types to be added by an application in a standard manner.
Container independence
Artifacts using the API will be deployable in a variety of Web-tier containers. The specification will define how artifacts are deployed in a Servlet[8] container and as a JAX-WS[9] Provider.
Inclusion in Java EE
The specification will define the environment for a Web resource class hosted in a Java EE container and will specify how to use Java EE features and components within a Web resource class.

1.3 Non-Goals

The following are non-goals:

Support for Java versions prior to J2SE 5.0
The API will make extensive use of annotations and will require J2SE 5.0 or later.
Description, registration and discovery
The specification will neither define nor require any service description, registration or discovery capability.
Client APIs
The specification will not define client-side APIs. Other specifications are expected to provide such functionality.
HTTP Stack
The specification will not define a new HTTP stack. HTTP protocol support is provided by a container that hosts artifacts developed using the API.
Data model/format classes
The API will not define classes that support manipulation of entity body content, rather it will provide pluggability to allow such classes to be used by artifacts developed using the API.

1.4 Conventions

The keywords ‘MUST’, ‘MUST NOT’, ‘REQUIRED’, ‘SHALL’, ‘SHALL NOT’, ‘SHOULD’, ‘SHOULD NOT’, ‘RECOMMENDED’, ‘MAY’, and ‘OPTIONAL’ in this document are to be interpreted as described in RFC 2119[10].

Java code and sample data fragments are formatted as shown in figure 1.1:



Figure 1.1: Example Java Code
1 package com.example.hello;  
2  
3 public class Hello {  
4     public static void main(String args[]) {  
5         System.out.println("Hello World");  
6     }  
7 }


URIs of the general form ‘http://example.org/...’ and ‘http://example.com/...’ represent application or context-dependent URIs.

All parts of this specification are normative, with the exception of examples, notes and sections explicitly marked as ‘Non-Normative’. Non-normative notes are formatted as shown below.

Note: This is a note.

1.5 Terminology

Resource class
A Java class that uses JAX-RS annotations to implement a corresponding Web resource, see chapter 3.
Root resource class
A resource class annotated with @Path. Root resource classes provide the roots of the resource class tree and provide access to sub-resources, see chapter 3.
Request method designator
A runtime annotation annotated with @HttpMethod. Used to identify the HTTP request method to be handled by a resource method.
Resource method
A method of a resource class annotated with a request method designator that is used to handle requests on the corresponding resource, see section 3.3.
Sub-resource locator
A method of a resource class that is used to locate sub-resources of the corresponding resource, see section 3.4.1.
Sub-resource method
A method of a resource class that is used to handle requests on a sub-resource of the corresponding resource, see section 3.4.1.
Provider
An implementation of a JAX-RS extension interface. Providers extend the capabilities of a JAX-RS runtime and are described in chapter 4.

1.6 Expert Group Members

This specification is being developed as part of JSR 311 under the Java Community Process. This specification is the result of the collaborative work of the members of the JSR 311 Expert Group. The following are the present and former expert group members:

Jan Algermissen (Individual Member)
Heiko Braun (Red Hat Middleware LLC)
Bill Burke (Red Hat Middleware LLC)
Larry Cable (BEA Systems)
Bill De Hora (Individual Member)
Roy Fielding (Day Software, Inc.)
Harpreet Geekee (Nortel)
Nickolas Grabovas (Individual Member)
Mark Hansen (Individual Member)
John Harby (Individual Member)
Hao He (Individual Member)
Ryan Heaton (Individual Member)
David Hensley (Individual Member)
Stephan Koops (Individual Member)
Changshin Lee (NCsoft Corporation)
Francois Leygues (Alcatel-Lucent)
Jerome Louvel (Individual Member)
Hamid Ben Malek (Fujitsu Limited)
Ryan J. McDonough (Individual Member)
Felix Meschberger (Day Software, Inc.)
David Orchard (BEA Systems)
Dhanji R. Prasanna (Individual Member)
Julian Reschke (Individual Member)
Jan Schulz-Hofen (Individual Member)
Joel Smith (IBM)
Stefan Tilkov (innoQ Deutschland GmbH)

1.7 Acknowledgements

During the course of the JSR we received many excellent suggestions on the JSR and Jersey (RI) mailing lists, thanks in particular to James Manger (Telstra) and Reto Bachmann-Gmür (Trialox) for their contributions.

The GenericEntity class was inspired by the Google Guice TypeLiteral class. Our thanks to Bob Lee and Google for donating this class to JAX-RS.

The following individuals (all Sun Microsystems) have also made invaluable technical contributions: Roberto Chinnici, Dianne Jiao (TCK), Ron Monzillo, Rajiv Mordani, Eduardo Pelegri-Llopart, Jakub Podlesak (RI) and Bill Shannon.

Chapter 2
Applications

A JAX-RS application consists of one or more resources (see chapter 3) and zero or more providers (see chapter 4). This chapter describes aspects of JAX-RS that apply to an application as a whole, subsequent chapters describe particular aspects of a JAX-RS application and requirements on JAX-RS implementations.

2.1 Configuration

The resources and providers that make up a JAX-RS application are configured via an application-supplied subclass of Application. An implementation MAY provide alternate mechanisms for locating resource classes and providers (e.g. runtime class scanning) but use of Application is the only portable means of configuration.

2.2 Validation

Specific validation requirements are detailed throughout this specification and the JAX-RS Javadocs. Implementations MAY perform additional validation where feasible and SHOULD report any issues arising from such validation to the user.

2.3 Publication

Applications are published in different ways depending on whether the application is run in a Java SE environment or within a container. This section describes the alternate means of publication.

2.3.1 Java SE

In a Java SE environment a configured instance of an endpoint class can be obtained using the createEndpoint method of RuntimeDelegate. The application supplies an instance of Application and the type of endpoint required. An implementation MAY support zero or more endpoint types of any desired type.

How the resulting endpoint class instance is used to publish the application is outside the scope of this specification.

2.3.1.1 JAX-WS

An implementation that supports publication via JAX-WS MUST support createEndpoint with an endpoint type of javax.xml.ws.Provider. JAX-WS describes how a Provider based endpoint can be published in an SE environment.

2.3.2 Servlet

A JAX-RS application is packaged as a Web application in a .war file. The application classes are packaged in WEB-INF/classes or WEB-INF/lib and required libraries are packaged in WEB-INF/lib. See the Servlet specification for full details on packaging of web applications.

It is RECOMMENDED that implementations support the Servlet 3 framework pluggability mechanism to enable portability between containers and to avail themselves of container-supplied class scanning facilities. When using the pluggability mechanism the following conditions MUST be met:

In either of the latter two cases, if both Application.getClasses and Application.getSingletons return an empty list then all root resource classes and providers packaged in the web application MUST be included in the published JAX-RS application. If either getClasses or getSingletons return a non-empty list then only those classes or singletons returned MUST be included in the published JAX-RS application.

If not using the Servlet 3 framework pluggability mechanism (e.g. in a pre-Servet 3.0 container), the servlet-class or filter-class element of the web.xml descriptor SHOULD name the JAX-RS implementation-supplied servlet or filter class respectively. The Application subclass SHOULD be identified using an init-param with a param-name of javax.ws.rs.Application.

2.3.3 Other Container

An implementation MAY provide facilities to host a JAX-RS application in other types of container, such facilities are outside the scope of this specification.

Chapter 3
Resources

Using JAX-RS a Web resource is implemented as a resource class and requests are handled by resource methods. This chapter describes resource classes and resource methods in detail.

3.1 Resource Classes

A resource class is a Java class that uses JAX-RS annotations to implement a corresponding Web resource. Resource classes are POJOs that have at least one method annotated with @Path or a request method designator.

3.1.1 Lifecycle and Environment

By default a new resource class instance is created for each request to that resource. First the constructor (see section 3.1.2) is called, then any requested dependencies are injected (see section 3.2), then the appropriate method (see section 3.3) is invoked and finally the object is made available for garbage collection.

An implementation MAY offer other resource class lifecycles, mechanisms for specifying these are outside the scope of this specification. E.g. an implementation based on an inversion-of-control framework may support all of the lifecycle options provided by that framework.

3.1.2 Constructors

Root resource classes are instantiated by the JAX-RS runtime and MUST have a public constructor for which the JAX-RS runtime can provide all parameter values. Note that a zero argument constructor is permissible under this rule.

A public constructor MAY include parameters annotated with one of the following: @Context, @HeaderParam, @CookieParam, @MatrixParam, @QueryParam or @PathParam. However, depending on the resource class lifecycle and concurrency, per-request information may not make sense in a constructor. If more than one public constructor is suitable then an implementation MUST use the one with the most parameters. Choosing amongst suitable constructors with the same number of parameters is implementation specific, implementations SHOULD generate a warning about such ambiguity.

Non-root resource classes are instantiated by an application and do not require the above-described public constructor.

3.2 Fields and Bean Properties

When a resource class is instantiated, the values of fields and bean properties annotated with one the following annotations are set according to the semantics of the annotation:

@MatrixParam
Extracts the value of a URI matrix parameter.
@QueryParam
Extracts the value of a URI query parameter.
@PathParam
Extracts the value of a URI template parameter.
@CookieParam
Extracts the value of a cookie.
@HeaderParam
Extracts the value of a header.
@Context
Injects an instance of a supported resource, see chapters 5 and 6 for more details.

Because injection occurs at object creation time, use of these annotations (with the exception of @Context) on resource class fields and bean properties is only supported for the default per-request resource class lifecycle. An implementation SHOULD warn if resource classes with other lifecycles use these annotations on resource class fields or bean properties.

An implementation is only required to set the annotated field and bean property values of instances created by the implementation runtime. Objects returned by sub-resource locators (see section 3.4.1) are expected to be initialized by their creator and field and bean properties are not modified by the implementation runtime.

Valid parameter types for each of the above annotations are listed in the corresponding Javadoc, however in general (excluding @Context) the following types are supported:

  1. Primitive types.
  2. Types that have a constructor that accepts a single String argument.
  3. Types that have a static method named valueOf or fromString with a single String argument that return an instance of the type. If both methods are present then valueOf MUST be used unless the type is an enum in which case fromString MUST be used.
  4. List<T>, Set<T>, or SortedSet<T>, where T satisfies 2 or 3 above.

The DefaultValue annotation may be used to supply a default value for some of the above, see the Javadoc for DefaultValue for usage details and rules for generating a value in the absence of this annotation and the requested data. The Encoded annotation may be used to disable automatic URI decoding for @MatrixParam, @QueryParam, and @PathParam annotated fields and properties.

A WebApplicationException thrown during construction of field or property values using 2 or 3 above is processed directly as described in section 3.3.4. Other exceptions thrown during construction of field or property values using 2 or 3 above are treated as client errors: if the field or property is annotated with @MatrixParam, @QueryParam or @PathParam then an implementation MUST generate a WebApplicationException that wraps the thrown exception with a not found response (404 status) and no entity; if the field or property is annotated with @HeaderParam or @CookieParam then an implementation MUST generate a WebApplicationException that wraps the thrown exception with a client error response (400 status) and no entity. The WebApplicationException MUST be then be processed as described in section 3.3.4.

3.3 Resource Methods

Resource methods are methods of a resource class annotated with a request method designator. They are used to handle requests and MUST conform to certain restrictions described in this section.

A request method designator is a runtime annotation that is annotated with the @HttpMethod annotation. JAX-RS defines a set of request method designators for the common HTTP methods: @GET, @POST, @PUT, @DELETE, @HEAD. Users may define their own custom request method designators including alternate designators for the common HTTP methods.

3.3.1 Visibility

Only public methods may be exposed as resource methods. An implementation SHOULD warn users if a non-public method carries a method designator or @Path annotation.

3.3.2 Parameters

When a resource method is invoked, parameters annotated with @FormParam or one of the annotations listed in section 3.2 are mapped from the request according to the semantics of the annotation. Similar to fields and bean properties:

3.3.2.1 Entity Parameters

The value of a non-annotated parameter, called the entity parameter, is mapped from the request entity body. Conversion between an entity body and a Java type is the responsibility of an entity provider, see section 4.2.

Resource methods MUST NOT have more than one parameter that is not annotated with one of the above-listed annotations.

3.3.3 Return Type

Resource methods MAY return void, Response, GenericEntity, or another Java type, these return types are mapped to a response entity body as follows:

void
Results in an empty entity body with a 204 status code.
Response
Results in an entity body mapped from the entity property of the Response with the status code specified by the status property of the Response. A null return value results in a 204 status code. If the status property of the Response is not set: a 200 status code is used for a non-null entity property and a 204 status code is used if the entity property is null.
GenericEntity
Results in an entity body mapped from the Entity property of the GenericEntity. If the return value is not null a 200 status code is used, a null return value results in a 204 status code.
Other
Results in an entity body mapped from the class of the returned instance. If the return value is not null a 200 status code is used, a null return value results in a 204 status code.

Methods that need to provide additional metadata with a response should return an instance of Response, the ResponseBuilder class provides a convenient way to create a Response instance using a builder pattern.

Conversion between a Java object and an entity body is the responsibility of an entity provider, see section 4.2. The return type of a resource method and the type of the returned instance are used to determine the raw type and generic type supplied to the isWritable method of MessageBodyWriteras follows:





Return Type Returned Instance1 Raw Type Generic Type




GenericEntity GenericEntity or subclass RawType property Type property




Response GenericEntity or subclass RawType property Type property




Response Object or subclass Class of instance Class of instance




Other Return type or subclass Class of instance Generic type of return type




Table 3.1: Determining raw and generic types of return values

To illustrate the above consider a method that always returns an instance of ArrayList<String> either directly or wrapped in some combination of Response and GenericEntity. The resulting raw and generic types are shown below.





Return Type Returned Instance Raw Type Generic Type




GenericEntity GenericEntity<List<String>> ArrayList<?> List<String>




Response GenericEntity<List<String>> ArrayList<?> List<String>




Response ArrayList<String> ArrayList<?> ArrayList<?>




List<String> ArrayList<String> ArrayList<?> List<String>




Table 3.2: Example raw and generic types of return values

3.3.4 Exceptions

A resource method, sub-resource method or sub-resource locator may throw any checked or unchecked exception. An implementation MUST catch all exceptions and process them as follows:

  1. Instances of WebApplicationException MUST be mapped to a response as follows. If the response property of the exception does not contain an entity and an exception mapping provider (see section 4.4) is available for WebApplicationException an implementation MUST use the provider to create a new Response instance, otherwise the response property is used directly. The resulting Response instance is then processed according to section 3.3.3.
  2. If an exception mapping provider (see section 4.4) is available for the exception or one of its superclasses, an implementation MUST use the provider whose generic type is the nearest superclass of the exception to create a Response instance that is then processed according to section 3.3.3. If the exception mapping provider throws an exception while creating a Response then return a server error (status code 500) response to the client.
  3. Unchecked exceptions and errors MUST be re-thrown and allowed to propagate to the underlying container.
  4. Checked exceptions and throwables that cannot be thrown directly MUST be wrapped in a container-specific exception that is then thrown and allowed to propagate to the underlying container. Servlet-based implementations MUST use ServletException as the wrapper. JAX-WS Provider-based implementations MUST use WebServiceException as the wrapper.

Note: Items 3 and 4 allow existing container facilities (e.g. a Servlet filter or error pages) to be used to handle the error if desired.

3.3.5 HEAD and OPTIONS

HEAD and OPTIONS requests receive additional automated support. On receipt of a HEAD request an implementation MUST either:

  1. Call a method annotated with a request method designator for HEAD or, if none present,
  2. Call a method annotated with a request method designator for GET and discard any returned entity.

Note that option 2 may result in reduced performance where entity creation is significant.

On receipt of an OPTIONS request an implementation MUST either:

  1. Call a method annotated with a request method designator for OPTIONS or, if none present,
  2. Generate an automatic response using the metadata provided by the JAX-RS annotations on the matching class and its methods.

3.4 URI Templates

A root resource class is anchored in URI space using the @Path annotation. The value of the annotation is a relative URI path template whose base URI is provided by the combination of the deployment context and the application path (see the @ApplicationPath annotation).

A URI path template is a string with zero or more embedded parameters that, when values are substituted for all the parameters, is a valid URI[5] path. The Javadoc for the @Path annotation describes their syntax. E.g.:

1 @Path("widgets/{id}")  
2 public class Widget {  
3   ...  
4 }

In the above example the Widget resource class is identified by the relative URI path widgets/xxx where xxx is the value of the id parameter.

Note: Because ‘{’and ‘} are not part of either the reserved or unreserved productions of URI[5] they will not appear in a valid URI.

The value of the annotation is automatically encoded, e.g. the following two lines are equivalent:

1 @Path("widget list/{id}")  
2 @Path("widget%20list/{id}")

Template parameters can optionally specify the regular expression used to match their values. The default value matches any text and terminates at the end of a path segment but other values can be used to alter this behavior, e.g.:

1 @Path("widgets/{path:.+}")  
2 public class Widget {  
3   ...  
4 }

In the above example the Widget resource class will be matched for any request whose path starts with widgets and contains at least one more path segment; the value of the path parameter will be the request path following widgets. E.g. given the request path widgets/small/a the value of path would be small/a.

3.4.1 Sub Resources

Methods of a resource class that are annotated with @Path are either sub-resource methods or sub-resource locators. Sub-resource methods handle a HTTP request directly whilst sub-resource locators return an object that will handle a HTTP request. The presence or absence of a request method designator (e.g. @GET) differentiates between the two:

Present
Such methods, known as sub-resource methods, are treated like a normal resource method (see section 3.3) except the method is only invoked for request URIs that match a URI template created by concatenating the URI template of the resource class with the URI template of the method2 .
Absent
Such methods, known as sub-resource locators, are used to dynamically resolve the object that will handle the request. Any returned object is treated as a resource class instance and used to either handle the request or to further resolve the object that will handle the request, see 3.7 for further details. An implementation MUST dynamically determine the class of object returned rather than relying on the static sub-resource locator return type since the returned instance may be a subclass of the declared type with potentially different annotations, see section 3.6 for rules on annotation inheritance. Sub-resource locators may have all the same parameters as a normal resource method (see section 3.3) except that they MUST NOT have an entity parameter.

The following example illustrates the difference:

1 @Path("widgets")  
2 public class WidgetsResource {  
3   @GET  
4   @Path("offers")  
5   public WidgetList getDiscounted() {...}  
6  
7   @Path("{id}")  
8   public WidgetResource findWidget(@PathParam("id") String id) {  
9     return new WidgetResource(id);  
10   }  
11 }  
12  
13 public class WidgetResource {  
14   public WidgetResource(String id) {...}  
15  
16   @GET  
17   public Widget getDetails() {...}  
18 }

In the above a GET request for the widgets/offers resource is handled directly by the getDiscounted sub-resource method of the resource class WidgetsResource whereas a GET request for widgets/xxx is handled by the getDetails method of the WidgetResource resource class.

Note: A set of sub-resource methods annotated with the same URI template value are functionally equivalent to a similarly annotated sub-resource locator that returns an instance of a resource class with the same set of resource methods.

3.5 Declaring Media Type Capabilities

Application classes can declare the supported request and response media types using the @Consumes and @Produces annotations respectively. These annotations MAY be applied to a resource method, a resource class, or to an entity provider (see section 4.2.3). Use of these annotations on a resource method overrides any on the resource class or on an entity provider for a method argument or return type. In the absence of either of these annotations, support for any media type (“*/*”) is assumed.

The following example illustrates the use of these annotations:

1 @Path("widgets")  
2 @Produces("application/widgets+xml")  
3 public class WidgetsResource {  
4  
5   @GET  
6   public Widgets getAsXML() {...}  
7  
8   @GET  
9   @Produces("text/html")  
10   public String getAsHtml() {...}  
11  
12   @POST  
13   @Consumes("application/widgets+xml")  
14   public void addWidget(Widget widget) {...}  
15 }  
16  
17 @Provider  
18 @Produces("application/widgets+xml")  
19 public class WidgetsProvider implements MessageBodyWriter<Widgets> {...}  
20  
21 @Provider  
22 @Consumes("application/widgets+xml")  
23 public class WidgetProvider implements MessageBodyReader<Widget> {...}

In the above:

An implementation MUST NOT invoke a method whose effective value of @Produces does not match the request Accept header. An implementation MUST NOT invoke a method whose effective value of @Consumes does not match the request Content-Type header.

3.6 Annotation Inheritance

JAX-RS annotations MAY be used on the methods and method parameters of a super-class or an implemented interface. Such annotations are inherited by a corresponding sub-class or implementation class method provided that method and its parameters do not have any JAX-RS annotations of its own. Annotations on a super-class take precedence over those on an implemented interface. If a subclass or implementation method has any JAX-RS annotations then all of the annotations on the super class or interface method are ignored. E.g.:

1 public interface ReadOnlyAtomFeed {  
2   @GET @Produces("application/atom+xml")  
3   Feed getFeed();  
4 }  
5  
6 @Path("feed")  
7 public class ActivityLog implements ReadOnlyAtomFeed {  
8   public Feed getFeed() {...}  
9 }

In the above, ActivityLog.getFeed inherits the @GET and @Produces annotations from the interface. Conversely:

1 @Path("feed")  
2 public class ActivityLog implements ReadOnlyAtomFeed {  
3   @Produces("application/atom+xml")  
4   public Feed getFeed() {...}  
5 }

In the above, the @GET annotation on ReadOnlyAtomFeed.getFeed is not inherited by Activity-Log.getFeed and it would require its own request method designator since it redefines the @Produces annotation.

3.7 Matching Requests to Resource Methods

This section describes how a request is matched to a resource class and method. Implementations are not required to use the algorithm as written but MUST produce results equivalent to those produced by the algorithm.

3.7.1 Request Preprocessing

Prior to matching, request URIs are normalized3 by following the rules for case, path segment, and percent encoding normalization described in section 6.2.2 of RFC 3986[5]. The normalized request URI MUST be reflected in the URIs obtained from an injected UriInfo.

3.7.2 Request Matching

A request is matched to the corresponding resource method or sub-resource method by comparing the normalized request URI (see section 3.7.1), the media type of any request entity, and the requested response entity format to the metadata annotations on the resource classes and their methods. If no matching resource method or sub-resource method can be found then an appropriate error response is returned. Matching of requests to resource methods proceeds in three stages as follows:

  1. Identify the root resource class:

    1. Set U = request URI path,C = {root resource classes},E = {}
    2. For each class in C add a regular expression (computed using the function R(A) described in section 3.7.3) to E as follows:
      • Add R(Tclass) where Tclass is the URI path template specified for the class.
    3. Filter E by matching each member against U as follows:
      • Remove members that do not match U.
      • Remove members for which the final regular expression capturing group (henceforth simply referred to as a capturing group) value is neither empty nor ‘/’ and the class associated with R(Tclass) had no sub-resource methods or locators.
    4. If E is empty then no matching resource can be found, the algorithm terminates and an implementation MUST generate a WebApplicationException with a not found response (HTTP 404 status) and no entity. The exception MUST be processed as described in section 3.3.4.
    5. Sort E using the number of literal characters4 in each member as the primary key (descending order), the number of capturing groups as a secondary key (descending order) and the number of capturing groups with non-default regular expressions (i.e. not ‘([^  /]+?)’) as the tertiary key (descending order).
    6. Set Rmatch to be the first member of E, set U to be the value of the final capturing group of Rmatch when matched against U, and instantiate an object O of the associated class.
  2. Obtain the object that will handle the request and a set of candidate methods:

    1. If U is null or ‘/’, set
      M  = {resource methods of O (excluding sub resource m ethods)}
      and go to step 3
    2. Set C = class of O,E = {}
    3. For class C add regular expressions to E for each sub-resource method and locator as follows:
      1. For each sub-resource method, add R(Tmethod) where Tmethod is the URI path template of the sub-resource method.
      2. For each sub-resource locator, add R(Tlocator) where Tlocator is the URI path template of the sub-resource locator.
    4. Filter E by matching each member against U as follows:
      • Remove members that do not match U.
      • Remove members derived from Tmethod (those added in step 2(c)i) for which the final capturing group value is neither empty nor ‘/’.
    5. If E is empty then no matching resource can be found, the algorithm terminates and an implementation MUST generate a WebApplicationException with a not found response (HTTP 404 status) and no entity. The exception MUST be processed as described in section 3.3.4.
    6. Sort E using the number of literal characters in each member as the primary key (descending order), the number of capturing groups as a secondary key (descending order), the number of capturing groups with non-default regular expressions (i.e. not ‘([^  /]+?)’) as the tertiary key (descending order), and the source of each member as quaternary key sorting those derived from Tmethod ahead of those derived from Tlocator.
    7. Set Rmatch to be the first member of E
    8. If Rmatch was derived from Tmethod, then set
      M =  {subresource m ethods of O w here R(T     ) = R     }
                                     m eth od     match
      and go to step 3.
    9. Set U to be the value of the final capturing group of R(Tmatch) when matched against U, invoke the sub-resource locator method of O and set O to the value returned from that method.
    10. Go to step 2a.
  3. Identify the method that will handle the request:

    1. Filter M by removing members that do not meet the following criteria:
      • The request method is supported. If no methods support the request method an implementation MUST generate a WebApplicationException with a method not allowed response (HTTP 405 status) and no entity. The exception MUST be processed as described in section 3.3.4. Note the additional support for HEAD and OPTIONS described in section 3.3.5.
      • The media type of the request entity body (if any) is a supported input data format (see section 3.5). If no methods support the media type of the request entity body an implementation MUST generate a WebApplicationException with an unsupported media type response (HTTP 415 status) and no entity. The exception MUST be processed as described in section 3.3.4.
      • At least one of the acceptable response entity body media types is a supported output data format (see section 3.5). If no methods support one of the acceptable response entity body media types an implementation MUST generate a WebApplicationException with a not acceptable response (HTTP 406 status) and no entity. The exception MUST be processed as described in section 3.3.4.
    2. Sort M in descending order as follows:
      • The primary key is the media type of input data. Methods whose @Consumes value is the best match for the media type of the request are sorted first.
      • The secondary key is the @Produces value. Methods whose value of @Produces best matches the value of the request accept header are sorted first.

      Determining the best matching media types follows the general rule: n/m > n/* > */*, i.e. a method that explicitly consumes the request media type or produces one of the requested media types is sorted before a method that consumes or produces */*. Quality parameter values in the accept header are also considered such that methods that produce media types with a higher acceptable q-value are sorted ahead of those with a lower acceptable q-value (i.e. n/m;q=1.0 > n/m;q=0.7) - see section 14.1 of [4] for more details.

    3. The request is dispatched to the first Java method in the set5 .

3.7.3 Converting URI Templates to Regular Expressions

The function R(A) converts a URI path template annotation A into a regular expression as follows:

  1. URI encode the template, ignoring URI template variable specifications.
  2. Escape any regular expression characters in the URI template, again ignoring URI template variable specifications.
  3. Replace each URI template variable with a capturing group containing the specified regular expression or ‘([^  /]+?)’ if no regular expression is specified.
  4. If the resulting string ends with ‘/’ then remove the final character.
  5. Append ‘(/.*)?’ to the result.

Note that the above renders the name of template variables irrelevant for template matching purposes. However, implementations will need to retain template variable names in order to facilitate the extraction of template variable values via @PathParam or UriInfo.getPathParameters.

3.8 Determining the MediaType of Responses

In many cases it is not possible to statically determine the media type of a response. The following algorithm is used to determine the response media type, Mselected, at run time:

  1. If the method returns an instance of Response whose metadata includes the response media type (Mspecified) then set Mselected = Mspecified, finish.
  2. Gather the set of producible media types P :
  3. If P = {}, set P = {‘*/*’}
  4. Obtain the acceptable media types A. If A = {}, set A = {‘*/*’}
  5. Set M = {}. For each member of A,a:
  6. If M = {} then generate a WebApplicationException with a not acceptable response (HTTP 406 status) and no entity. The exception MUST be processed as described in section 3.3.4. Finish.
  7. Sort M in descending order, with a primary key of specificity (n/m > n/* > */*) and secondary key of q-value.
  8. For each member of M,m:
  9. If M contains ‘*/*’ or ‘application/*’, set Mselected = ‘application/octet-stream’, finish.
  10. Generate a WebApplicationException with a not acceptable response (HTTP 406 status) and no entity. The exception MUST be processed as described in section 3.3.4. Finish.

Note that the above renders a response with a default media type of ‘application/octet-stream’ when a concrete type cannot be determined. It is RECOMMENDED that MessageBodyWriter implementations specify at least one concrete type via @Produces.

Chapter 4
Providers

The JAX-RS runtime is extended using application-supplied provider classes. A provider is annotated with @Provider and implements one or more interfaces defined by JAX-RS.

4.1 Lifecycle and Environment

By default a single instance of each provider class is instantiated for each JAX-RS application. First the constructor (see section 4.1.1) is called, then any requested dependencies are injected (see chapter 5), then the appropriate provider methods may be called multiple times (simultaneously), and finally the object is made available for garbage collection. Section 5.2.6 describes how a provider obtains access to other providers via dependency injection.

An implementation MAY offer other provider lifecycles, mechanisms for specifying these are outside the scope of this specification. E.g. an implementation based on an inversion-of-control framework may support all of the lifecycle options provided by that framework.

4.1.1 Constructors

Provider classes are instantiated by the JAX-RS runtime and MUST have a public constructor for which the JAX-RS runtime can provide all parameter values. Note that a zero argument constructor is permissible under this rule.

A public constructor MAY include parameters annotated with @Context- chapter 5 defines the parameter types permitted for this annotation. Since providers may be created outside the scope of a particular request, only deployment-specific properties may be available from injected interfaces at construction time - request-specific properties are available when a provider method is called. If more than one public constructor can be used then an implementation MUST use the one with the most parameters. Choosing amongst constructors with the same number of parameters is implementation specific, implementations SHOULD generate a warning about such ambiguity.

4.2 Entity Providers

Entity providers supply mapping services between representations and their associated Java types. Entity providers come in two flavors: MessageBodyReader and MessageBodyWriter described below. In the absence of a suitable entity provider, JAX-RS implementations are REQUIRED to use to the JavaBeans Activation Framework[11] to try to obtain a suitable data handler to perform the mapping instead.

4.2.1 Message Body Reader

The MessageBodyReader interface defines the contract between the JAX-RS runtime and components that provide mapping services from representations to a corresponding Java type. A class wishing to provide such a service implements the MessageBodyReader interface and is annotated with @Provider.

The following describes the logical1 steps taken by a JAX-RS implementation when mapping a request entity body to a Java method parameter:

  1. Obtain the media type of the request. If the request does not contain a Content-Type header then use application/octet-stream.
  2. Identify the Java type of the parameter whose value will be mapped from the entity body. Section 3.7 describes how the Java method is chosen.
  3. Select the set of MessageBodyReader classes that support the media type of the request, see section 4.2.3.
  4. Iterate through the selected MessageBodyReader classes and, utilizing the isReadable method of each, choose a MessageBodyReader provider that supports the desired Java type.
  5. If step 4 locates a suitable MessageBodyReader then use its readFrom method to map the entity body to the desired Java type.
  6. Else if a suitable data handler can be found using the JavaBeans Activation Framework[11] then use it to map the entity body to the desired Java type.
  7. Else generate a WebApplicationException that contains an unsupported media type response (HTTP 415 status) and no entity. The exception MUST be processed as described in section 3.3.4.

A MessageBodyReader.readFrom method MAY throw WebApplicationException. If thrown, the resource method is not invoked and the exception is treated as if it originated from a resource method, see section 3.3.4.

4.2.2 Message Body Writer

The MessageBodyWriter interface defines the contract between the JAX-RS runtime and components that provide mapping services from a Java type to a representation. A class wishing to provide such a service implements the MessageBodyWriter interface and is annotated with @Provider.

The following describes the logical steps taken by a JAX-RS implementation when mapping a return value to a response entity body:

  1. Obtain the object that will be mapped to the response entity body. For a return type of Response or subclasses the object is the value of the entity property, for other return types it is the returned object.
  2. Determine the media type of the response, see section 3.8.
  3. Select the set of MessageBodyWriter providers that support (see section 4.2.3) the object and media type of the response entity body.
  4. Sort the selected MessageBodyWriter providers with a primary key of media type (see section 4.2.3) and a secondary key of generic type where providers whose generic type is the nearest superclass of the object class are sorted first.
  5. Iterate through the sorted MessageBodyWriter providers and, utilizing the isWriteable method of each, choose an MessageBodyWriter that supports the object that will be mapped to the entity body.
  6. If step 5 locates a suitable MessageBodyWriter then use its writeTo method to map the object to the entity body.
  7. Else if a suitable data handler can be found using the JavaBeans Activation Framework[11] then use it to map the object to the entity body.
  8. Else generate a WebApplicationException with an internal server error response (HTTP 500 status) and no entity. The exception MUST be processed as described in section 3.3.4.

A MessageBodyWriter.write method MAY throw WebApplicationException. If thrown before the response is committed, the exception is treated as if it originated from a resource method, see section 3.3.4. To avoid an infinite loop, implementations SHOULD NOT attempt to map exceptions thrown during serialization of an response previously mapped from an exception and SHOULD instead simply return a server error (status code 500) response.

4.2.3 Declaring Media Type Capabilities

Message body readers and writers MAY restrict the media types they support using the @Consumes and @Produces annotations respectively. The absence of these annotations is equivalent to their inclusion with media type (“*/*”), i.e. absence implies that any media type is supported. An implementation MUST NOT use an entity provider for a media type that is not supported by that provider.

When choosing an entity provider an implementation sorts the available providers according to the media types they declare support for. Sorting of media types follows the general rule: x/y < x/* < */*, i.e. a provider that explicitly lists a media types is sorted before a provider that lists */*.

4.2.4 Standard Entity Providers

An implementation MUST include pre-packaged MessageBodyReader and MessageBodyWriter implementations for the following Java and media type combinations:

byte[]
All media types (⋆/⋆).
java.lang.String
All media types (⋆/⋆).
java.io.InputStream
All media types (⋆/⋆).
java.io.Reader
All media types (⋆/⋆).
java.io.File
All media types (⋆/⋆).
javax.activation.DataSource
All media types (⋆/⋆).
javax.xml.transform.Source
XML types (text/xml, application/xml and application/⋆+xml).
javax.xml.bind.JAXBElement and application-supplied JAXB classes
XML media types (text/xml, application/xml and application/⋆+xml).
MultivaluedMap<String,String>
Form content (application/x-www-form-urlencoded).
StreamingOutput
All media types (⋆/⋆), MessageBodyWriter only.

When reading zero-length request entities, all implementation-supplied MessageBodyReader implementations except the JAXB-related one MUST create a corresponding Java object that represents zero-length data; they MUST NOT return null. The implementation-supplied JAXB MessageBodyReader implementation MUST throw a WebApplicationException with a client error response (HTTP 400) for zero-length request entities.

The implementation-supplied entity provider(s) for javax.xml.bind.JAXBElement and application-supplied JAXB classes MUST use JAXBContext instances provided by application-supplied context resolvers, see section 4.3. If an application does not supply a JAXBContext for a particular type, the implementation-supplied entity provider MUST use its own default context instead.

When writing responses, implementations SHOULD respect application-supplied character set metadata and SHOULD use UTF-8 if a character set is not specified by the application or if the application specifies a character set that is unsupported.

An implementation MUST support application-provided entity providers and MUST use those in preference to its own pre-packaged providers when either could handle the same request.

4.2.5 Transfer Encoding

Transfer encoding for inbound data is handled by a component of the container or the JAX-RS runtime. MessageBodyReader providers always operate on the decoded HTTP entity body rather than directly on the HTTP message body.

A JAX-RS runtime or container MAY transfer encode outbound data or this MAY be done by application code.

4.2.6 Content Encoding

Content encoding is the responsibility of the application. Application-supplied entity providers MAY perform such encoding and manipulate the HTTP headers accordingly.

4.3 Context Providers

Context providers supply context to resource classes and other providers. A context provider class implements the ContextResolver<T> interface and is annotated with @Provider. E.g. an application wishing to provide a customized JAXBContext to the default JAXB entity providers would supply a class implementing ContextResolver<JAXBContext>.

Context providers MAY return null from the getContext method if they do not wish to provide their context for a particular Java type. E.g. a JAXB context provider may wish to only provide the context for certain JAXB classes. Context providers MAY also manage multiple contexts of the same type keyed to different Java types.

4.3.1 Declaring Media Type Capabilities

Context provider implementations MAY restrict the media types they support using the @Produces annotation. The absence of this annotation is equivalent to its inclusion with media type (“*/*”), i.e. absence implies that any media type is supported.

When choosing a context provider an implementation sorts the available providers according to the media types they declare support for. Sorting of media types follows the general rule: x/y < x/* < */*, i.e. a provider that explicitly lists a media type is sorted before a provider that lists */*.

4.4 Exception Mapping Providers

When a resource class or provider method throws an exception, the JAX-RS runtime will attempt to map the exception to a suitable HTTP response - see section 3.3.4. An application can supply exception mapping providers to customize this mapping.

Exception mapping providers map a checked or runtime exception to an instance of Response. An exception mapping provider implements the ExceptionMapper<T> interface and is annotated with @Provider. When a resource method throws an exception for which there is an exception mapping provider, the matching provider is used to obtain a Response instance. The resulting Response is processed as if the method throwing the exception had instead returned the Response, see section 3.3.3.

When choosing an exception mapping provider to map an exception, an implementation MUST use the provider whose generic type is the nearest superclass of the exception.

Chapter 5
Context

JAX-RS provides facilities for obtaining and processing information about the application deployment context and the context of individual requests. Such information is available to Application subclasses (see section 2.1), root resource classes (see chapter 3), and providers (see chapter 4). This chapter describes these facilities.

5.1 Concurrency

Context is specific to a particular request but instances of certain JAX-RS components (providers and resource classes with a lifecycle other than per-request) may need to support multiple concurrent requests. When injecting an instance of one of the types listed in section 5.2, the instance supplied MUST be capable of selecting the correct context for a particular request. Use of a thread-local proxy is a common way to achieve this.

5.2 Context Types

This section describes the types of context available to resource classes, providers and Application subclasses.

5.2.1 Application

The instance of the application-supplied Application subclass can be injected into a class field or method parameter using the @Context annotation. Access to the Application subclass instance allows configuration information to be centralized in that class. Note that this cannot be injected into the Application subclass itself since this would create a circular dependency.

5.2.2 URIs and URI Templates

An instance of UriInfo can be injected into a class field or method parameter using the @Context annotation. UriInfo provides both static and dynamic, per-request information, about the components of a request URI. E.g. the following would return the names of any query parameters in a request:

1 @GET  
2 @Produces{"text/plain"}  
3 public String listQueryParamNames(@Context UriInfo info) {  
4   StringBuilder buf = new StringBuilder();  
5   for (String param: info.getQueryParameters().keySet()) {  
6     buf.append(param);  
7     buf.append("\n");  
8   }  
9   return buf.toString();  
10 }

Note that the methods of UriInfo provide access to request URI information following the pre-processing described in section 3.7.1.

5.2.3 Headers

An instance of HttpHeaders can be injected into a class field or method parameter using the @Context annotation. HttpHeaders provides access to request header information either in map form or via strongly typed convenience methods. E.g. the following would return the names of all the headers in a request:

1 @GET  
2 @Produces{"text/plain"}  
3 public String listHeaderNames(@Context HttpHeaders headers) {  
4   StringBuilder buf = new StringBuilder();  
5   for (String header: headers.getRequestHeaders().keySet()) {  
6     buf.append(header);  
7     buf.append("\n");  
8   }  
9   return buf.toString();  
10 }

Note that the methods of HttpHeaders provide access to request information following the pre-processing described in section 3.7.1.

Response headers may be provided using the Response class, see 3.3.3 for more details.

5.2.4 Content Negotiation and Preconditions

JAX-RS simplifies support for content negotiation and preconditions using the Request interface. An instance of Request can be injected into a class field or method parameter using the @Context annotation. The methods of Request allow a caller to determine the best matching representation variant and to evaluate whether the current state of the resource matches any preconditions in the request. Precondition support methods return a ResponseBuilder that can be returned to the client to inform it that the request preconditions were not met. E.g. the following checks if the current entity tag matches any preconditions in the request before updating the resource:

1 @PUT  
2 public Response updateFoo(@Context Request request, Foo foo) {  
3     EntityTag tag = getCurrentTag();  
4     ResponseBuilder responseBuilder = request.evaluatePreconditions(tag);  
5     if (responseBuilder != null)  
6       return responseBuilder.build();  
7     else  
8       return doUpdate(foo);  
9 }

The application could also set the content location, expiry date and cache control information into the returned ResponseBuilder before building the response.

5.2.5 Security Context

The SecurityContext interface provides access to information about the security context of the current request. An instance of SecurityContext can be injected into a class field or method parameter using the @Context annotation. The methods of SecurityContext provide access to the current user principal, information about roles assumed by the requester, whether the request arrived over a secure channel and the authentication scheme used.

5.2.6 Providers

The Providers interface allows for lookup of provider instances based on a set of search criteria. An instance of Providers can be injected into a class field or method parameter using the @Context annotation.

This interface is expected to be primarily of interest to provider authors wishing to use other providers functionality.

Chapter 6
Environment

The container-managed resources available to a JAX-RS root resource class or provider depend on the environment in which it is deployed. Section 5.2 describes the types of context available regardless of container. The following sections describe the additional container-managed resources available to a JAX-RS root resource class or provider deployed in a variety of environments.

6.1 Servlet Container

The @Context annotation can be used to indicate a dependency on a Servlet-defined resource. A Servlet-based implementation MUST support injection of the following Servlet-defined types: ServletConfig, ServletContext, HttpServletRequest and HttpServletResponse.

An injected HttpServletRequest allows a resource method to stream the contents of a request entity. If the resource method has a parameter whose value is derived from the request entity then the stream will have already been consumed and an attempt to access it MAY result in an exception.

An injected HttpServletResponse allows a resource method to commit the HTTP response prior to returning. An implementation MUST check the committed status and only process the return value if the response is not yet committed.

Servlet filters may trigger consumption of a request body by accessing request parameters. In a servlet container the @FormParam annotation and the standard entity provider for application/x-www-form-urlencoded MUST obtain their values from the servlet request parameters if the request body has already been consumed. Servlet APIs do not differentiate between parameters in the URI and body of a request so URI-based query parameters may be included in the entity parameter.

6.2 Java EE Container

This section describes the additional requirements that apply to a JAX-RS implementation when combined in a product that supports these other Java specifications:

The following additional requirements apply when using Managed Beans, JSR299-style Managed Beans or EJBs as resource classes, providers or Application subclasses:

6.3 Other

Other container technologies MAY specify their own set of injectable resources but MUST, at a minimum, support access to the types of context listed in section 5.2.

Chapter 7
Runtime Delegate

RuntimeDelegate is an abstract factory class that provides various methods for the creation of objects that implement JAX-RS APIs. These methods are designed for use by other JAX-RS API classes and are not intended to be called directly by applications. RuntimeDelegate allows the standard JAX-RS API classes to use different JAX-RS implementations without any code changes.

An implementation of JAX-RS MUST provide a concrete subclass of RuntimeDelegate. Using the supplied RuntimeDelegate this can be provided to JAX-RS in one of two ways:

  1. An instance of RuntimeDelegate can be instantiated and injected using its static method setInstance. In this case the implementation is responsible for creating the instance; this option is intended for use with implementations based on IoC frameworks.
  2. The class to be used can be configured, see section 7.1. In this case JAX-RS is responsible for instantiating an instance of the class and the configured class MUST have a public constructor which takes no arguments.

Note that an implementation MAY supply an alternate implementation of the RuntimeDelegate API class (provided it passes the TCK signature test and behaves according to the specification) that supports alternate means of locating a concrete subclass.

A JAX-RS implementation may rely on a particular implementation of RuntimeDelegate being used – applications SHOULD NOT override the supplied RuntimeDelegate instance with an application-supplied alternative and doing so may cause unexpected problems.

7.1 Configuration

If not supplied by injection, the supplied RuntimeDelegate API class obtains the concrete implementation class using the following algorithm. The steps listed below are performed in sequence and, at each step, at most one candidate implementation class name will be produced. The implementation will then attempt to load the class with the given class name using the current context class loader or, missing one, the java.lang.Class.forName(String) method. As soon as a step results in an implementation class being successfully loaded, the algorithm terminates.

  1. If a resource with the name of META-INF/services/javax.ws.rs.ext.RuntimeDelegate exists, then its first line, if present, is used as the UTF-8 encoded name of the implementation class.
  2. If the ${java.home}/lib/jaxrs.properties file exists and it is readable by the java.util.Properties.load(InputStream) method and it contains an entry whose key is javax.ws.rs.ext.RuntimeDelegate, then the value of that entry is used as the name of the implementation class.
  3. If a system property with the name javax.ws.rs.ext.RuntimeDelegate is defined, then its value is used as the name of the implementation class.
  4. Finally, a default implementation class name is used.

Appendix A
Summary of Annotations




Annotation

Target

Description




Consumes

Type or method

Specifies a list of media types that can be consumed.




Produces

Type or method

Specifies a list of media types that can be produced.




GET

Method

Specifies that the annotated method handles HTTP GET requests.




POST

Method

Specifies that the annotated method handles HTTP POST requests.




PUT

Method

Specifies that the annotated method handles HTTP PUT requests.




DELETE

Method

Specifies that the annotated method handles HTTP DELETE requests.




HEAD

Method

Specifies that the annotated method handles HTTP HEAD requests. Note that HEAD may be automatically handled, see section 3.3.5.




ApplicationPath

Type

Specifies the resource-wide application path that forms the base URI of all root resource classes.




Path

Type or method

Specifies a relative path for a resource. When used on a class this annotation identifies that class as a root resource. When used on a method this annotation identifies a sub-resource method or locator.




PathParam

Parameter, field or method

Specifies that the value of a method parameter, class field, or bean property is to be extracted from the request URI path. The value of the annotation identifies the name of a URI template parameter.




QueryParam

Parameter, field or method

Specifies that the value of a method parameter, class field, or bean property is to be extracted from a URI query parameter. The value of the annotation identifies the name of a query parameter.




FormParam

Parameter, field or method

Specifies that the value of a method parameter is to be extracted from a form parameter in a request entity body. The value of the annotation identifies the name of a form parameter. Note that whilst the annotation target allows use on fields and methods, the specification only requires support for use on resource method parameters.




MatrixParam

Parameter, field or method

Specifies that the value of a method parameter, class field, or bean property is to be extracted from a URI matrix parameter. The value of the annotation identifies the name of a matrix parameter.




CookieParam

Parameter, field or method

Specifies that the value of a method parameter, class field, or bean property is to be extracted from a HTTP cookie. The value of the annotation identifies the name of a the cookie.




HeaderParam

Parameter, field or method

Specifies that the value of a method parameter, class field, or bean property is to be extracted from a HTTP header. The value of the annotation identifies the name of a HTTP header.




Encoded

Type, constructor, method, field or parameter

Disables automatic URI decoding for path, query, form and matrix parameters.




DefaultValue

Parameter, field or method

Specifies a default value for a field, property or method parameter annotated with @QueryParam, @MatrixParam, @CookieParam, @FormParam or @HeaderParam. The specified value will be used if the corresponding query or matrix parameter is not present in the request URI, if the corresponding form parameter is not in the request entity body, or if the corresponding HTTP header is not included in the request.




Context

Field, method or parameter

Identifies an injection target for one of the types listed in section 5.2 or the applicable section of chapter 6.




HttpMethod

Annotation

Specifies the HTTP method for a request method designator annotation.




Provider

Type

Specifies that the annotated class implements a JAX-RS extension interface.




Appendix B
HTTP Header Support

The following table lists HTTP headers that are directly supported, either automatically by a JAX-RS implementation runtime or by an application using the JAX-RS API. Any request header may be obtained using HttpHeaders, see section 5.2.3; response headers not listed here may set using the ResponseBuilder.header method.



Header

Description



Accept

Used by runtime when selecting a resource method, compared to value of @Produces annotation, see section 3.5.



Accept-Charset

Processed by runtime if application uses Request.selectVariant method, see section 5.2.4.



Accept-Encoding

Processed by runtime if application uses Request.selectVariant method, see section 5.2.4.



Accept-Language

Processed by runtime if application uses Request.selectVariant method, see section 5.2.4.



Allow

Included in automatically generated 405 error responses (see section 3.7.2) and automatically generated responses to OPTIONS requests (see section 3.3.5).



Authorization

Depends on container, information available via SecurityContext, see section 5.2.5.



Cache-Control

See CacheControl class and ResponseBuilder.cacheControl method.



Content-Encoding

Response header set by application using Response.ok or ResponseBuilder.variant.



Content-Language

Response header set by application using Response.ok, ResponseBuilder.language, or ResponseBuilder.variant.



Content-Length

Processed automatically for requests, set automatically in responses if value is provided by the MessageBodyWriter used to serialize the response entity.



Content-Type

Request header used by runtime when selecting a resource method, compared to value of @Consumes annotation, see section 3.5. Response header either set by application using Response.ok, ResponseBuilder.type, or ResponseBuilder.variant, or set automatically by runtime (see section 3.8).



Cookie

See Cookie class and HttpHeaders.getCookies method.



Date

Included in responses automatically as per HTTP/1.1.



ETag

See EntityTag class, Response.notModified method and ResponseBuilder.tag method.



Expect

Depends on underlying container.



Expires

Set by application using the ResponseBuilder.expires method.



If-Match

Processed by runtime if application uses corresponding Request.evaluatePreconditions method, see section 5.2.4.



If-Modified-Since

Processed by runtime if application uses corresponding Request.evaluatePreconditions method, see section 5.2.4.



If-None-Match

Processed by runtime if application uses corresponding Request.evaluatePreconditions method, see section 5.2.4.



If-Unmodified-Since

Processed by runtime if application uses corresponding Request.evaluatePreconditions method, see section 5.2.4.



Last-Modified

Set by application using the ResponseBuilder.lastModified method.



Location

Set by application using the applicable Response method or directly using the ResponseBuilder.location method.



Set-Cookie

See NewCookie class and ResponseBuilder.cookie method.



Transfer-Encoding

See section 4.2.5.



Vary

Set by application using Response.notAcceptable method or ResponseBuilder.variants method.



WWW-Authenticate

Depends on container.



Appendix C
Change Log

C.1 Changes Since 1.0 Release

C.2 Changes Since Proposed Final Draft

C.3 Changes Since Public Review Draft

Bibliography

[1]    R. Fielding. Architectural Styles and the Design of Network-based Software Architectures. Ph.d dissertation, University of California, Irvine, 2000. See http://roy.gbiv.com/pubs/dissertation/top.htm.

[2]    REST Wiki. Web site. See http://rest.blueoxen.net/cgi-bin/wiki.pl.

[3]    Representational State Transfer. Web site, Wikipedia. See http://en.wikipedia.org/wiki/Representational_State_Transfer.

[4]    R. Fielding, J. Gettys, J. C. Mogul, H. Frystyk, and T. Berners-Lee. RFC 2616: Hypertext Transfer Protocol – HTTP/1.1. RFC, IETF, January 1997. See http://www.ietf.org/rfc/rfc2616.txt.

[5]    T. Berners-Lee, R. Fielding, and L. Masinter. RFC 3986: Uniform Resource Identifier (URI): Generic Syntax. RFC, IETF, January 2005. See http://www.ietf.org/rfc/rfc3986.txt.

[6]    L. Dusseault. RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV). RFC, IETF, June 2007. See http://www.ietf.org/rfc/rfc4918.txt.

[7]    J.C. Gregorio and B. de hOra. The Atom Publishing Protocol. Internet Draft, IETF, March 2007. See http://bitworking.org/projects/atom/draft-ietf-atompub-protocol-14.html.

[8]    G. Murray. Java Servlet Specification Version 2.5. JSR, JCP, October 2006. See http://java.sun.com/products/servlet.

[9]    R. Chinnici, M. Hadley, and R. Mordani. Java API for XML Web Services. JSR, JCP, August 2005. See http://jcp.org/en/jsr/detail?id=224.

[10]    S. Bradner. RFC 2119: Keywords for use in RFCs to Indicate Requirement Levels. RFC, IETF, March 1997. See http://www.ietf.org/rfc/rfc2119.txt.

[11]    Bill Shannon. JavaBeans Activation Framework. JSR, JCP, May 2006. See http://jcp.org/en/jsr/detail?id=925.